While most clients request typical accounting or audit services from their CPA firms, many have specific needs that firms are often unable to meet through traditional preparation, compilation, review or audit engagements related to the financial statements. In those cases, a nontraditional engagement often provides the best alternative and is often performed in accordance with the attestation standards.
In April 2016, the AICPA’s Auditing Standards Board (ASB) issued Statement on Standards for Attestation Engagements (SSAE) 18, Attestation Standards: Clarification and Recodification. This new standard was effective for practitioners’ agreed-upon procedures, review and examination reports dated on or after May 1, 2017. The release of SSAE 18 was intended to be a clarification of the existing attestation standards, as well as convergence with international standards.
If you’re one of the many practitioners who perform these nontraditional engagements, you are probably well aware that SSAE 18 is now effective and that it could significantly affect your engagements. Here, we provide tips for understanding the most significant changes under SSAE 18 and the impact they have on the performance of nontraditional engagements.
- Redrafting for clarity.
With the issuance of SSAE 18, the AICPA completed its large-scale project to redraft and clarify the attestation standards using the same formatting principles developed when the auditing standards were clarified. Accordingly, SSAE 18 uses formatting techniques, such as bulleted lists, that make each section easier to read and understand and a consistent organizational structure for each section to more clearly identify the objectives, definitions, and requirements of each section. SSAE 18 also uses language consistent with the auditing standards to communicate professional requirements, such as identifying unconditional requirements through use of the term “must” and presumptively mandatory requirements through use of the term “should.”
- Representation letters.
SSAE 18 requires the practitioner to request written representations for all attestation engagements. Under the new standard, in all attestation engagements where the client isn’t the responsible party, the practitioner is required to request written representations from the client, in addition to those requested from the responsible party. Although such a letter is suggested in the current standards, it isn’t required.
- Written assertions.
SSAE 18 also requires the practitioner to request a written assertion from the responsible party in all attestation engagements, including agreed-upon procedures engagements. When the client is the responsible party, a refusal to provide a written assertion would result in the practitioner withdrawing from both an examination and a review engagement, or disclaiming an opinion in an examination engagement if the practitioner isn’t permitted by law or regulation to withdraw from the examination engagement. In an agreed-upon procedures engagement, the practitioner would be required to disclose the responsible party’s refusal to provide a written assertion in the practitioner’s report.
- Risk-based approach to examinations.
As in an audit of financial statements, SSAE 18 requires the practitioner performing an examination engagement to obtain an understanding of the subject matter and engagement adequate to identify and assess the risks of material misstatement. The practitioner should use that assessment to design and apply procedures that are responsive to those risks and obtain the evidence necessary to reduce the risk of failing to identify a material misstatement to an appropriately low level. That understanding includes an understanding of internal control over the preparation of the subject matter that is relevant to the examination.
- Incorporation of other auditing concepts.
The new guidance for examination engagements in SSAE 18 also creates requirements similar to those in the auditing standards in the following areas (although the requirements are less detailed than the analogous auditing standards):
- Tests of controls
- Analytical procedures
- Internal auditors
These requirements don’t apply to review engagements. Based on the ASB’s logic that attestation engagements share many of the same attributes as their financial statement counterparts, the required understanding and procedures in a review under the attestation standards generally mirror those in a SSARS review.
- Migration of guidance for compilations of prospective financial information to the SSARS.
Guidance for compilation services has been removed from the attestation standards because the attestation standards are intended to apply only to examination, review and agreed-upon procedures engagements. Current guidance covers compilations of prospective financial information because of a historical anomaly — it was originally issued before the attestation standards were established. Accordingly, the ARSC undertook a project to issue a SSARS that would establish standards for compilations of prospective financial information. In October 2016, the AICPA issued SSARS 23, Omnibus Statement on Standards for Accounting and Review Services—2016, which migrates the guidance on compilations of prospective financial information to the SSARS.
- Expansion of opinion in examinations of prospective financial information.
The examination opinion on a financial forecast or projection has been expanded under SSAE 18 to specifically state that, in the practitioner’s opinion, the assumptions are suitably supported. That conclusion was implicit in the extant report. The revised report under SSAE 18 makes it explicit.
- Criteria for pro forma engagements.
SSAE 18 includes a description of the criteria for the preparation of pro forma financial information, which, essentially, is what the responsible party claims to have done to develop the pro forma financial information; such criteria aren’t explicit in current guidance. In addition, SSAE 18 requires those criteria to be identified in the practitioner’s examination or review report.
Claire I. Horneffer, CPA, is Senior Technical Editor of PPC Products for Thomson Reuters Checkpoint within the Thomson Reuters Tax & Accounting Business